Data protection information for members

1. Person in charge

The controller responsible for the processing of personal data is:

Name of the Cooperative: eXhaus PLC
Legal form: Registered cooperative (eG)
Seat Trier
Email info@exhaus-eg.de

2. Purposes of Data Processing

The cooperative processes personal data of its members, interested parties and donors exclusively for the following purposes:

  • Drawing of cooperative shares and for making contact in advance of a possible accession
  • Membership Management and Administration
  • Maintenance of the membership register in accordance with the Co-operative Societies Act
  • Management and processing of business shares and deposits
  • Compliance with statutory and regulatory obligations
  • Communication with members and interested parties on cooperative matters
    processing of voluntary donations, including the management of donor data, the issuing of
  • Donation receipts and compliance with legal retention requirements for tax and commercial law, insofar as the cooperative is recognised as charitable

3. Legal basis for processing

The processing of personal data is carried out on the basis of:

  • Article 6(1)(b) of the GDPR Fulfilment of a contractual relationship – Membership
  • Art. 6(1)(c) GDPR Fulfilment of legal obligations, in particular under the Co-operative Societies Act

Provided consent is obtained (e.g. for voluntary communication channels or explicit mention as a donor), processing will additionally be based on Article 6(1)(a) GDPR.

The processing of personal data in connection with donations is also carried out on the basis of Art. 6(1)(c) GDPR (Fulfilment of tax obligations, particularly under the Tax Code) and Article 6(1)(f) GDPR (legitimate interest in proper, transparent donation management), provided consent is not required. A balancing of interests will favour the proper fulfilment of the cooperative's statutory and bylaw purposes.

4. Categories of personal data

The following data are processed in particular:

  • Master data (name, address, date of birth)
  • Contact details (email address, telephone number)
  • Membership and shareholding data (date of entry, number of shares, payments, bank details for bank transfer or SEPA direct debit)
  • Communication and administrative data
  • donation-related data (e.g. donation amount, donation date, purpose of donation, bank details if applicable for bank transfer or SEPA direct debit, information on the issuance of donation receipts)

5. Data recipients

Personal data is processed within the cooperative exclusively by authorised bodies (e.g. the management board, and potentially the supervisory board).

Furthermore, data may be transmitted to the following recipients, insofar as this is necessary:

  • Banks and payment service providers (e.g. for transfers and SEPA direct debits)
  • Examination boards
  • Tax advisor, auditor or legal advisor
  • Providers of accounting, membership management, or other administrative software
  • Public bodies and authorities within the scope of statutory obligations

A transfer to third parties for advertising purposes will not take place.

Notice on the processing of orders:
To the extent that external service providers process personal data on behalf of the cooperative (e.g. accounting software, IT or administrative service providers), it is ensured that a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR is completed. The service providers and recipient categories used are regularly reviewed and adjusted as necessary.

6. Data transfer to third countries

Personal data is not transferred to countries outside of the European Union or the European Economic Area.

7. Storage Duration

Personal data will only be stored for as long as is necessary for the purposes of membership, expression of interest, or processing of donations.

Upon termination of membership, data will be deleted, provided no statutory retention obligations exist. Donation and accounting-related data are subject to statutory commercial and tax retention obligations and can generally be stored for up to ten years.

8. Rights of data subjects

Members have the following rights under GDPR:

  • Right to access personal data that is being processed (Article 15 GDPR)
  • Right to rectification of inaccurate data (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Article 21 GDPR), where processing is based on Article 6(1)(e) or (f) GDPR

Requests concerning the exercise of these rights can be addressed to the controller.

9. Withdrawal of consents

If processing is based on consent, this consent can be withdrawn at any time with effect for the future. The lawfulness of the processing carried out until the withdrawal remains unaffected.

10. Right of complaint to the supervisory authority

Affected individuals have the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data infringes the GDPR.
The data protection supervisory authority in Rhineland-Palatinate is responsible.

11. Obligation to provide data

The provision of personal data is required for joining and participating in the membership. Without this data, membership in the cooperative is not possible.

Status: 11.05.2026

Web design and WordPress development
New Media Labs advertising agency in Wittlich and Cologne - more customers, stronger brand and sustainable success